tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

referrer-policy-test.html (2350B)

      1 <!DOCTYPE html>
      2 <meta charset=utf-8>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="early-hints-helpers.sub.js"></script>
      6 <body>
      7 <script>
      8 const SEARCH_PARAMS = new URLSearchParams(window.location.search);
      9 const REFERRER_POLICY = SEARCH_PARAMS.get("referrer-policy");
     10 
     11 async function get_fetch_timing_and_headers(url_string) {
     12    const url = new URL(url_string);
     13    const id = url.searchParams.get("id");
     14    if (id === null) {
     15        throw new Error(`"${url.href}" does not contain id parameter`);
     16    }
     17    const response = await fetch(`${url.origin}/loading/early-hints/resources/get-fetch-timing-and-headers.h2.py?id=${id}`);
     18    const json = await response.json();
     19    return json;
     20 }
     21 
     22 function get_expected_referrer(is_same_origin) {
     23    const full = window.location.href;
     24    const origin = self.origin + "/";
     25    // There is no support for security level related policies such as
     26    // "no-referrer-when-downgrade" since the test is available only on HTTP/2.
     27    switch (REFERRER_POLICY) {
     28        case "no-referrer":
     29            return undefined;
     30        case "origin":
     31            return origin;
     32        case "origin-when-cross-origin":
     33            return is_same_origin ? full : origin;
     34        case "same-origin":
     35            return is_same_origin ? full : undefined;
     36        case "unsafe-url":
     37            return full;
     38        default:
     39            throw new Error(`Unsupported referrer policy: ${REFERRER_POLICY}`);
     40    }
     41 }
     42 
     43 async function check_referrer(url, expected_referrer) {
     44    await fetchScript(url);
     45 
     46    const { headers } = await get_fetch_timing_and_headers(url);
     47    assert_equals(headers["referer"], expected_referrer);
     48 
     49    const name = new URL(url, window.location);
     50    assert_true(isPreloadedByEarlyHints(name));
     51 }
     52 
     53 promise_test(async (t) => {
     54    const same_origin_preload_url = SEARCH_PARAMS.get("same-origin-preload-url");
     55    const same_origin_expected = get_expected_referrer(true);
     56    await check_referrer(same_origin_preload_url, same_origin_expected);
     57 
     58    const cross_origin_preload_url = SEARCH_PARAMS.get("cross-origin-preload-url");
     59    const cross_origin_expected = get_expected_referrer(false);
     60    await check_referrer(cross_origin_preload_url, cross_origin_expected);
     61 }, `Referrer policy: ${REFERRER_POLICY}`);
     62 </script>
     63 </body>